[PATCH] wg-quick: linux: add support for nft and prefer it
Vasili Pupkin
diggest at gmail.com
Tue Dec 10 18:31:07 CET 2019
On 10.12.2019 18:48, Jason A. Donenfeld wrote:
> restore '%s-I PREROUTING ! -i %s -d %s -m addrtype ! --src-type LOCAL -j DROP
> nftcmd '%sadd rule %s %s preraw iifname != %s %s daddr %s fib saddr type != local drop
I am trying to understand the rulesets. When you check the type of the
source address of the incoming packet, its type just can't be local to
our machine; it is the address of the sender. The source address of the
packet can only be local if the packet was sent from the same machine.
Isn't this part of the rule redundant?